4 matches found
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview @apostrophecms/import-export is an Import Export Documents for ApostropheCMS Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the extract function in gzip.js. A user with Global Content Modify permission can write arbitrary file...
Information Exposure
Overview @vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Information Exposure via the authenticate function. An attacker can determine valid usernames by measuring response times during authentication attempts. Remediation Upgrade...
CVE-2017-20023
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to...
CVE-2017-20022
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is...